Network Security

A recent risk assessment of information systems at two Arizona-based Medicaid managed care organizations turned up 19 vulnerabilities, according to a new report from the Department of Health and Human Services Office of the Inspector General. Collectively, the flaws were related to remote network access (2), password and login controls (2), physical security controls (1), network…

Federal agencies are reportedly feeding data into a special algorithm introduced by the Department of Homeland Security (DHS) in order to assess their cyber posture scores. This Agency-Wide Adaptive Risk Enumeration (AWARE) algorithm should go into full production by fiscal year 2020, news outlet GCN reported yesterday, citing a public presentation yesterday by DHS Continuous…

By Ed Bellis, co-founder, CTO, Kenna Security Historically, when CISOs have been called to speak to their organization’s board of directors, it was an uncommon event. Just a decade ago, the CISO who presented more than once per year was a rare bird. Times have changed. Boards of directors are taking an interest in cybersecurity…

VMware last week issued a security update for its Workstation and Fusion virtual network devices, patching a critical integer overflow vulnerability that, if exploited, could allow unauthorized guests to execute code on the host. Designated CVE-2018-6983, the hypervisor vulnerability is fixed in versions 14.1.5 and 15.0.2 of Workstation Pro and Workstation Player, and versions 10.1.5 and 11.0.2…

Amazon customer service reportedly sent an unknown number of customers an email today, warning that a technical error on its website had exposed their data. Details on incident are scant, as Amazon’s disclosure was rather vague in details, according to several outlets that covered the development. “Hello, We’re contacting you to let you know that…

Adobe Systems today released an out-of-band security update that fixes a critical type confusion vulnerability in Flash Player, which if exploited could lead to arbitrary code execution in the context of the current user. Designated CVE-2018-15981, the bug was found in versions 31.0.0.148 and earlier of Flash Player Desktop Runtime, Flash Player for Google Chrome…

A WordPress plug-in used to build faster-loading web pages was discovered to contain a privilege escalation vulnerability that allows unauthorized attackers to inject malicious HTML code into the main page. In a company blog post yesterday, researchers at WebARX disclosed the bug, which resides in the “MP for WP – Accelerated Mobile Pages” plug-in. The…

A recent survey of just over 1,000 small- and medium-sized businesses found that 58 percent of respondents experienced a data breach in the previous 12 months, according to a new SMB cybersecurity research report from Keeper Security and the Ponemon Institute. An even larger number, 67 percent, said they experienced at least one form of cyberattack,…

A newly released survey of 515 IT security professionals is giving government officials a no-confidence vote in terms of their ability to understand digital threats, practice cyber hygiene and legislate encryption policies. Conducted during last August’s 2018 Black Hat cybersecurity conference by researchers at Venafi, the survey found that 63 percent of respondents believe government…

Facebook earlier this year reportedly patched a vulnerability in its search page that could have allowed enterprising attackers to perform reconnaissance on certain users. In a company blog post today, Imperva security researcher Ron Masas wrote that Facebook fixed the issue shortly after he discovered the flaw back in May. Masas reportedly noticed that Facebook’s…